Link to home
Start Free TrialLog in
Avatar of nextsoln
nextsolnFlag for Australia

asked on

How to disable drive and clipboard redirection and lock down the d/top for some users only

I'd like to selectively lock down the desktop for some users only on a Remote Desktop Session Host. I have tried setting the Group Policy Object Editor :
Computer Confifuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Device And Resource Redirection
Also tried the "Remote Desktop Session Host Configuration" tool.
Trouble is, it applies to everyone. Is this possible on a Windows 2008 R2 terminal server?
Avatar of getofmeland
getofmeland

You will need to do a user configuration group policy based on users to be able to do this and then apply it to a security group, rather than authenticated users.
Avatar of nextsoln

ASKER

In the user configuration there is an option for the clipboard but not the drives that I can see. I suppose there is two locations, the Remote Desktop Session Host Configuration that I would remove the option to disable the drive redirection and the clipboard. I could then use the GPO to lock them down based on the user configuration and apply that to the server OU and the specific security group I have created. The problem is that I have tried this and it still doesn't work. Am I missing something?
Do you users only use RDS? or do they log on to other hosts?

Do they have other Group Policies applied to them?
The users operating 95% of the time on the TS
yes we have a variety of GPO's that are applied to users
Yes I have enabled the loopback processing to no avail
I suppose the question would be, is it certainly possible to achieve. Theoretically is should all work but do you happen to know if this is possible to achieve and hence I have mis-configured something?
ASKER CERTIFIED SOLUTION
Avatar of Ackles
Ackles
Flag of Switzerland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
As for Drrive Redirection:
It is only in:
Computer Confifuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Device And Resource Redirection > Do not allow Drive Redirection.

That means, anyone going on it will get it.

A
Any news?
A